From 4ce205cf08602f1e7069a6c5b7bf5d9e1a3f3f9a Mon Sep 17 00:00:00 2001
From: chenrun1 <chenrun1@xiaomi.com>
Date: Thu, 14 Sep 2023 15:46:28 +0800
Subject: [PATCH] lib_iconv.c:Fix possible out-of-bounds reads

Signed-off-by: chenrun1 <chenrun1@xiaomi.com>
---
 libs/libc/locale/lib_iconv.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/libs/libc/locale/lib_iconv.c b/libs/libc/locale/lib_iconv.c
index 1a965a9b86..f63241cdc1 100644
--- a/libs/libc/locale/lib_iconv.c
+++ b/libs/libc/locale/lib_iconv.c
@@ -420,6 +420,20 @@ size_t iconv(iconv_t cd, FAR char **in, FAR size_t *inb,
 
   to = extract_to(cd);
   from = extract_from(cd);
+  if (to > sizeof(g_charmaps) - 1)
+    {
+      /* Avoid going outside the range of the array */
+
+      to = sizeof(g_charmaps) - 1;
+    }
+
+  if (from > sizeof(g_charmaps) - 1)
+    {
+      /* Avoid going outside the range of the array */
+
+      from = sizeof(g_charmaps) - 1;
+    }
+
   map = g_charmaps + from + 1;
   tomap = g_charmaps + to + 1;
   type = map[0 - 1];